
By Joel Nation

Category: Technical

Was recently helping a customer deploy Moodle on the Oracle Cloud with a focus on how to do this in an automated way with Developer Cloud Service. I thought I’d share my experience in case anyone else is trying to do something similar.

Goal

We want to deploy Moodle (which is a PHP application that uses MySQL) on the Oracle Cloud and we want the build to be automatically triggered every night (so we can test it fresh).

Deploying custom code to the Oracle Mobile Cloud Service can be a lesson in frustration. You have to download the scaffold, write your code, zip it up and then upload that using the Web UI. You quickly get into the flow of doing this, but if you need to check logs or look at any other screen in MCS you will have to re-navigate back to the implementation screen over and over again.

Turns out that the MCS team has created a command-line npm tool to help with this. This may be obvious to some, but it’s not highlighted well enough in my opinion! So to help others with this issue, let me show you how we use it.

First download any of the MCS SDKs and then navigate on the command line to the mcs-deploy folder. Then simply run npm install -g to install the mcs-deploy programme into your path.

Now navigate to your MCS project and make sure you’ve filled out the toolsConfig.json file. At a minimum you want to add the baseUrl and authorization parameters (they will have placeholders initially). This should be easy enough to fill in; most of the parameters are in the settings page of your mobile backend.

With that done, to upload your code just run the following on your command line (from within the implementation code folder):

mcs-deploy toolsConfig.json -u <username> -p <password>

This programme will package up your code and send it to MCS using the REST APIs. You can optionally leave off the username and password details and it will ask you for those interactively. It would be great if mcs-deploy could read these from a configuration file (say ~/.mcs-deploy, much like my equivalent deploy tool for Application Container Cloud). That way you could include the script in your build tools without having to hard-code or change credentials.

This has already saved me a heap of time!

If the MCS Devs are reading this, it would be great if the mcs-deploy code was a proper npm package. It would mean we could install this just using npm install -g mcs-deploy (without having to download the SDK).

In our recent Label Security presentation we used a feature called Proxy Authentication. This allowed us to connect to the database as one user, but proxy the credentials of another so that we can access resources that the proxied user can see. Without this we wouldn’t be able to use Label Security with our OSB services. It’s been brought to my attention that this is a useful feature that others would be interested in, but it’s hidden within my other post. So I’ve extracted the material out here to its own post so it can be found more easily. Enjoy!

So you’ve followed Oracle’s lead and started implementing REST services in Oracle Service Bus. But you very quickly run into a problem: how do I get my webpages to access these services via Ajax when they are hosted on different domains (or ports)? This is generally forbidden in most browsers (as it violates the ‘same origin policy’, i.e. you can only access resources in the same domain as you). The most common recommendation to resolve this issue is to enable CORS (Cross Origin Resource Sharing). Basically you just set a header in the response from the remote service that lists the domains that are allowed to request from this resource. If the web page is in that list the browser will allow the resource to be accessed.

Getting this to work in OSB is actually pretty easy and will mean that your OSB services don’t have to be on the same domain as your web pages. Read on to find out how.
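The allowlist check behind that response header, as an added example that is not from the original post or the OSB project. Access-Control-Allow-Origin carries a single origin (or `*`), so the service compares the request's Origin header against its allowlist and echoes it back only on an exact match. The origins, function names and handler shape are assumptions.

```javascript
// Added example (not from the original post). Allowlist entries are constructed.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'http://localhost:8080',
]);

// Build the CORS response headers for the value of a request's Origin header.
function corsHeaders(origin, { method = 'GET', allowCredentials = false } = {}) {
  // Vary: Origin stops shared caches serving one origin's response to another.
  const headers = { Vary: 'Origin' };
  // Exact string match only: no prefix/suffix or regex matching, and the
  // literal origin "null" (sandboxed frames, file://) is never allowed.
  if (typeof origin !== 'string' || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Allow-Origin header, so the browser blocks the read
  }
  headers['Access-Control-Allow-Origin'] = origin;
  if (allowCredentials) headers['Access-Control-Allow-Credentials'] = 'true';
  if (method === 'OPTIONS') {
    // Preflight answer: which methods and request headers the service accepts.
    headers['Access-Control-Allow-Methods'] = 'GET, POST';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// Request handler with the (req, res) shape Node's http.createServer expects.
function handle(req, res) {
  const headers = corsHeaders(req.headers.origin, { method: req.method });
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  if (req.method === 'OPTIONS') {
    res.statusCode = 204; // preflight carries no body
    return res.end();
  }
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ ok: true }));
}
```

CORS only controls whether the browser lets the calling page read the response; the service still needs its own authentication and authorisation.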

So by now you’ve seen how to install Label Security (here), configure a policy (here) and create a UI to access the data (here). Particularly in the UI post, you would have seen how Label Security helps to simplify our application development, as we no longer have to worry about configuring data security, the database takes care of it for us. Whilst a UI is a great way to access our data and demonstrates a common use case, it’s not the only way to access our data. So in this post we are going to demonstrate how to create a web service that will talk to our database and return the correct documents for each user.

If we weren’t using Label Security, we’d have to add some significant logic to poll the database for the security permissions of the user (i.e. JCooper has Top Secret access, but CDoyle can only see Secret Narcotics documents). We’d then need to apply that to our query to return the documents. Whilst this will work, what happens if the developer writes the query incorrectly and some users start seeing documents they shouldn’t? Or what happens if the service is compromised and a hacker gets access to the underlying database using the application database credentials? This poses a significant risk to our organisation and its data security. With Label Security we can avoid all this as the service just has to query the database and pass down the user credentials. The database will take care of the rest: there is no opportunity for the developer to mess up the query, and if the user account is compromised, only the documents that user had access to will be affected.

I’ve uploaded the OSB project that we will create below to GitHub. You can access it here: https://github.com/Joelith/SecureOSB. To get it working, import the project into JDeveloper and configure the database source in WebLogic (detailed below). Otherwise read on to see how it’s all put together.

When you think virtualisation, you generally think of hypervisors like VMware, VirtualBox etc. These work by effectively emulating an entire operating system on top of another operating system. But did you know there’s actually another option, one that is generally more performant and where the images take up less space? (Who’s tried to share a VM with a colleague remotely before? Sending a 40Gb file is not easy!) This option is called ‘containers’ and it’s actually been around for a long time (it’s been in Solaris for years and has recently made its way to Linux).

Containers work by sharing the host operating system with the container, but the container has its own file system and can’t access the resources on the host. Virtualisation without the overhead of emulating an operating system! One of the easiest ways to get started with containers is to use Docker. Docker provides an easier way to use containers and manage the images. To demonstrate how Docker works and how we can use it to create containers of Oracle products, check out this post over at the RedStack blog that I co-authored with Edwin Biemond and Mark Nelson.

If you’ve been following along in our series of Oracle Label Security posts (Part 1, Part 2) you should now have a table of ‘documents’ that, depending on the user’s permission, will return different sets of documents. In this post we’re going to add a UI so that we can see how Label Security makes application development easier by freeing us from having to worry about security in the application. We won’t actually be doing any database work (that’s been done in the previous posts) and will just focus on getting a simple UI up. You could use any language to build this UI as long as it can connect to the Oracle database (generally through ODBC), which is pretty much all of them. For this example we are going to build a NodeJs application with a Bootstrap UI. It will be a good demonstration of how to connect NodeJs and the Oracle database together.